A vulnerability in Microsoft Graph allowed attackers to conduct password-spray attacks without detection. The issue involved switching the 'common' authentication endpoint with that of an unrelated...
Mon, Apr 29th, 2024
The AWS Amplify service was found to be misconfiguring IAM roles associated with Amplify projects. This misconfiguration caused these roles to be assumable by any other AWS account. Both the Ampl...
Mon, Apr 15th, 2024
A principal with the permissions glue:GetConnection and ec2:DescribeSubnets can retrieve the database password of a connection, since the password is loaded into the AWS console website when a conn...
Thu, Apr 11th, 2024
A flaw in Amazon Managed Workflows for Apache Airflow (MWAA) could have allowed potential session hijacking and remote code execution. The issue stemmed from a combination of session fixation in th...
Thu, Mar 21st, 2024
Tenable Research discovered a privilege escalation flaw that allows a user to escalate privileges to those of the root user within the context of a Spark VM. This escalation was achieved because of...
Thu, Mar 7th, 2024
When the ASR service is enabled, it uses an Automation Account with a System-Assigned Managed Identity to manage Site Recovery extensions on VMs. However, the Runbook (a set of scripts for managing...
Tue, Feb 13th, 2024